We have configured the Kubernetes cluster on bare-metal server with v1.15.1 and Istio-1.4.0 (demo) with mTLS enabled. And our mysql server is outside the K8s cluster on Azure VM's. Now when we inject istio-proxy while deploying the application we are unable to connect to mysql server via jdbc and also tried my mysql client. But when remove the istio-proxy by re-deploying we are able to connect instantly with out any issue.
When through many blogs wrt istio and mysql, tried with removing the default mesh policy but tht didnt work. The case in istio faq's is when the mysql is in k8s cluster with istio injected.
ServiceEntryis simpler solution rather than makingmysqlconnectionmTLSfriendly. However i suggest using current documentation example instead. The blog post from 2018 might be outdated. What istio version do You have? – Piotr Malecvalues.global.mtls.auto=truethis will use mtls only when possible – Tummala Dhanviistioctl manifest apply --set profile=demo \ --set values.global.mtls.auto=trueto enable the setting talked about. Have you tried it with just a ServiceEntry, without a DestinationRule and restarting the pods after adding everything? – char